Cybersecurity Myths – I’ve got a firewall

Even with the gradual increase in cybersecurity literacy amongst the masses, there are still some myths that people follow religiously, even Cybersecurity professionals. I will set out to bust some of those myths here. Many of the myths have come from companies advertising products as a “silver bullet” solution, some of the myths are because the world has changed and the advice is no longer valid. Cybersecurity myths can be spread by well-meaning people, but you need to consider them with a “pinch of salt”.

In this series of posts about cybersecurity myths, I reveal some common areas of belief, and what you need to do.

I have a firewall [and anti-virus software] so I am protected.

In the early days of Information Security (the early term for Cybersecurity), it was a valid protection to have a firewall and anti-virus software. However, the hackers have moved on and no longer try to penetrate your network or use a virus to attack. A firewall and anti-virus is still required to protect from un-targeted attacks. It is estimated that just over half of all Internet traffic is malicious attempts, and a firewall and anti-virus is the first line of defence against this.

Now, most attacks come in through email. Getting a user to click on a link or even just going to a web page is enough to compromise a computer and then the network. It does not even need to be a work email, as you can infect a work computer or network with an attachment or link from your web-based personal email. You can also infect a work system from your home computer, if you are logged in or can access a work system from an attacked or infected computer.

Another attack vector is phone calls. You may have already experienced a call from someone pretending to be from a company you know, and asking you to do something on your computer like download software or visit a website.